review-pull-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR metadata, the PR body/title, commit messages, diffs, and CI status from GitHub using gh pr view, gh pr diff, and gh pr checks — all user-generated/public content the agent is required to read and act on to form review decisions and post comments, so untrusted third-party content could carry indirect prompt-injection instructions.